02-27-2012 02:40 PM
Does anyone know of a way to disconnect clients that don't authenticate after a certain period of time? We have a Captive Portal SSID which has a large number of clients that connect but never logon. They just sit in the "guest-logon" role.
I'd like to find a way to force them to authenticate or disconnect (maybe even blacklist) them.
Any ideas would be appreciated.
02-27-2012 02:51 PM
Idle users will time out after "user idle timeout" value. By default it is set to 300 seconds (5 minutes). Even the logon user lifetime (time for which it can stay in initial role without authenticating) is set to 5 minutes by default.
Check the value on your controller using the following command
# show aaa timers
User idle timeout = 300 seconds
Logon user lifetime = 5 minutes
02-27-2012 03:13 PM
Aren't the clients just going to reconnect?
You might want to consider my PSK SSID recommendation. Making the SSID name something like: password_is_guest
09-29-2016 08:10 AM
On the master controller, select configuration, and under security select authentication. click on layer 3 tab and select captive portal authentication. Select your guests CP Profile, and on the right hand side, scroll to the bottom and under user idle timeout you can adjust the value there. Keep in mind, users will have to disconnect before this will take effect.